Interesting article on how the Russian attack on the US 2016 in trump’s favour happened.
CrowdStrike linked both groups to “the Russian government’s powerful and highly capable intelligence services.” APT 29, suspected to be the FSB, had been on the DNC’s network since at least summer 2015. APT 28, identified as Russia’s military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC’s networks, “or even an awareness of one by the other,” the firm wrote.
It wasn’t just one Russian intelligence agency that carried out the attack it was two. The FSB and GRU.
And as soon as the Russian knew they had been detected they began dumping large amounts of the material they had illegally taken from the DNC.
The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.
Then, the next day, the story exploded.
On June 15 a Wordpress blog popped up out of nowhere. And, soon, a Twitter account, @GUCCIFER_2. The first post and tweet were clumsily titled: “DNC’s servers hacked by a lone hacker.” The message: that it was not hacked by Russian intelligence. The mysterious online persona claimed to have given “thousands of files and mails” to Wikileaks, while mocking the firm investigating the case: “I guess CrowdStrike customers should think twice about company’s competence,” the post said, adding “Fuck CrowdStrike!!!!!!!!!”
Along with the abuse, the Guccifer 2.0 account started publishing stolen DNC documents on the Wordpress blog, on file sharing sites, and by giving “a few docs from many thousands” to at least two US publications, The Smoking Gun and Gawker. Mainstream media outlets quickly picked up the story and covered the Clinton campaign’s opposition research on Trump in hundreds of news items that revealed pre-rehearsed arguments against the presumptive Republican nominee: that “Trump has no core”; that he is a “bad businessman;” and that he should be branded “misogynist in chief.” Donor lists were leaked along with personal contact details and juicy dollar amounts.
And this links directly to Assange and Wikileaks.
The Guccifer 2.0 account also claimed that it had given an unknown number of documents containing “election programs, strategies, plans against Reps, financial reports, etc” to Wikileaks. Two days later, Wikileaks published a massive 88 gigabyte encrypted file as “insurance.” This file, which Julian Assange could unlock by simply tweeting a key, is widely suspected to contain the DNC cache. On 13 July, almost a month after the hack became public, the intruders leaked selected files exclusively to The Hill, a Washington outlet for Congressional and political news, and then made the original files available later.
Nine days later, on July 22, just after Trump was officially nominated and before the Democratic National Convention got under way, Wikileaks published more than 19,000 DNC emails with more than 8,000 attachments—“i sent them emails, i posted some files in my blog,” Guccifer confirmed by DM, when asked if he shared all files with Julian Assange. Two days later, on July 24, Debbie Wasserman Schultz, chair of Democratic National Committee, announced her resignation—the extraordinary hack and leak had helped force out the head of one of America’s political parties and threatened to disrupt Hillary Clinton’s nominating convention.
This tactic and its remarkable success is a game-changer: exfiltrating documents from political organisations is a legitimate form of intelligence work. The US and European countries do it as well. But digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.